There is a mismatch between the data representation requirements of different programming languages. The motivating case is C, the implementation language for the Apache HTTPD web server, which presents character string data as a sequential array of octets, vs. JavaScript, which views characters in a string as indivisible and atomic. When a string that violates the implicit assumption of one character per octet location made by C is processed by a program implemented in C, and the result passed to a program implemented in JavaScript, which performs further processing before displaying a reconstructed string, chances are excellent that the displayed string will not be what was intended.
This is particularly a problem in the context of compression. Not only can character codes be potentially outside the range of a single octet, code values can also span octets.
This is a problem in the context of cryptography, because most cryptographic algorithms operate on binary data without regard to character encodings, and rely on the external system to manage character data appropriately. This external management does not exist in JavaScript.